threat
engine
.sh
Back
·
··:··
Home
/
Product
/
openvpn
Product
openvpn
66 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-13086
>= 2.6.0 and < 2.6.16
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attack
7.5
HIGH
CVE-2025-13751
>= 2.5.0 and < 2.6.17
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authent
5.5
MEDIUM
CVE-2025-12106
all versions
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when
9.1
CRITICAL
CVE-2025-50054
<= 1.3.0
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to sen
5.5
MEDIUM
CVE-2025-3908
>= 20 and <= 24
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing
6.2
MEDIUM
CVE-2024-4877
>= 2.4.0 and < 2.6.11
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the Ope
8.8
HIGH
CVE-2025-2704
>= 2.6.1 and <= 2.6.13
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by c
7.5
HIGH
CVE-2024-13454
>= 3.0.5 and <= 3.1.7
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA
5.3
MEDIUM
CVE-2024-5198
all versions
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to
3.3
LOW
CVE-2024-8474
< 3.5.0
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the applica
7.5
HIGH
CVE-2024-5594
>= 2.6.0 and < 2.6.11
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject une
9.1
CRITICAL
CVE-2024-28882
>= 2.6.0 and < 2.6.11
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will exten
4.3
MEDIUM
CVE-2024-27903
< 2.5.10
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an
9.8
CRITICAL
CVE-2024-27459
< 2.5.10
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to
7.8
HIGH
CVE-2024-24974
< 2.5.10
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remot
7.5
HIGH
CVE-2023-6247
< 3.8.4
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result i
6.5
MEDIUM
CVE-2023-7245
>= 3.2.0 and < 3.4.8
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a loca
7.8
HIGH
CVE-2023-7224
>= 3.0.0 and <= 3.4.6
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the
7.8
HIGH
CVE-2023-46850
>= 2.6.0 and <= 2.6.6
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when s
9.8
CRITICAL
CVE-2023-46849
>= 2.6.0 and <= 2.6.6
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide
7.5
HIGH
CVE-2022-3761
< 3.4.0.4506
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attack
5.9
MEDIUM
CVE-2020-20813
<= 2.4.7
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
7.5
HIGH
CVE-2021-4234
< 2.11.0
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent f
7.5
HIGH
CVE-2022-33738
< 2.11.0
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal
7.5
HIGH
CVE-2022-33737
>= 2.10.0 and < 2.11.0
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may cont
7.5
HIGH
CVE-2022-0547
>= 2.1.0 and < 2.4.12
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of th
9.8
CRITICAL
CVE-2021-3824
>= 2.9.0 and <= 2.9.4
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL
6.1
MEDIUM
CVE-2021-3547
all versions
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issui
7.4
HIGH
CVE-2021-3613
>= 3.2.0 and <= 3.3.0
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration f
7.8
HIGH
CVE-2021-3606
< 2.5.3
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configurati
7.8
HIGH
CVE-2020-36382
>= 2.7.3 and <= 2.8.7
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorre
7.5
HIGH
CVE-2020-15077
<= 2.8.7
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel dat
5.3
MEDIUM
CVE-2020-15078
< 2.4.11
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers c
7.5
HIGH
CVE-2020-27569
<= 2.8.2
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writ
7.5
HIGH
CVE-2020-15075
<= 3.2.6
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlin
7.1
HIGH
CVE-2020-15074
< 2.8.4
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiti
7.5
HIGH
CVE-2020-11462
< 2.7.0
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enable
7.5
HIGH
CVE-2020-11810
>= 2.4.0 and < 2.4.9
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim'
3.7
LOW
CVE-2020-7224
<= 2.5.7
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the
9.8
CRITICAL
CVE-2020-9442
<= 3.1.0.361
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which all
7.8
HIGH
CVE-2020-8953
>= 2.8.0 and < 2.8.1
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentic
9.8
CRITICAL
CVE-2018-9336
>= 2.4.0 and < 2.4.6
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free
7.8
HIGH
CVE-2018-7544
<= 2.4.5
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabl
9.1
CRITICAL
CVE-2017-12166
< 2.3.18
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used,
9.8
CRITICAL
CVE-2017-7522
<= 2.3.16
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a
6.5
MEDIUM
CVE-2017-7521
<= 2.3.16
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memo
5.9
MEDIUM
CVE-2017-7520
<= 2.3.16
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggere
7.4
HIGH
CVE-2017-7508
<= 2.3.16
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
7.5
HIGH
CVE-2017-5868
all versions
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP
6.1
MEDIUM
CVE-2017-7479
<= 2.3.14
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting
6.5
MEDIUM
CVE-2017-7478
all versions
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. N
7.5
HIGH
CVE-2016-6329
<= 2.3.14
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack aga
5.9
MEDIUM
CVE-2014-8104
all versions
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial o
CVE-2014-9104
<= 1.5.6
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6
CVE-2014-5455
all versions
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Conne
5.3
MEDIUM
CVE-2013-2692
<= 1.8.4
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote att
CVE-2013-2061
<= 2.3.0
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain
CVE-2008-3459
all versions
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to exe
CVE-2006-2229
all versions
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext passw
CVE-2006-1629
all versions
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PREL
CVE-2005-3409
all versions
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by f
CVE-2005-3393
all versions
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitra
CVE-2005-2534
all versions
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (
CVE-2005-2533
all versions
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of s
CVE-2005-2532
all versions
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allow
CVE-2005-2531
all versions
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue w
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin